Описание
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 19.4.1 (исключая)Версия до 19.4.1 (исключая)
Одно из
cpe:2.3:a:claris:filemaker_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00304
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 5.5
github
около 4 лет назад
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.
EPSS
Процентиль: 53%
0.00304
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-611